Despite acute awareness of the millions of dollars in annual costs, and the business risks posed by external internet threats, security leaders highlight the lack of staff expertise and technology as a key reason that these attacks are unchecked, according to a new Ponemon Institute study.

Seventy-nine percent of the IT and IT security practitioners polled indicated their defensive infrastructure to identify and mitigate those threats are either non-existent, ad hoc or inconsistently applied throughout the enterprise. The findings reveal that the companies represented in this research averaged more than one cyber attack per month and incurred annual costs of approximately $3.5 million because of these attacks.

The report “Security Beyond the Traditional Perimeter,” sponsored by BrandProtect, examined the threats, costs and responses of companies to external internet cyber attacks. These threats include executive impersonations, social engineering exploits, and branded attacks arising outside a company’s traditional security perimeter. Security professionals cited an acute need for expertise, technology, and external services to address their growing concerns about these external threats.

Some of the key findings include:
• Fifty-nine percent of respondents say the protection of intellectual property from external threats is essential or very important to the sustainability of their companies.

• External internet attacks are frequent and the financial costs of these attacks are significant. Respondents in this study report they experienced an average of 32 material cyber attacks or slightly more than one per month, costing their companies an average $3.5 million annually.

• Seventy-nine percent of respondents described their security processes for internet and social media monitoring as non-existent (38 percent), ad hoc (23 percent) or inconsistently applied throughout the enterprise (18 percent).

• Sixty-four percent of security leaders (directors or higher) feel that they lack the tools and resources they need to monitor, sixty-two percent lack the tools and resources they need to analyze and understand, and sixty-eight percent lack the tools and resources they need to mitigate external threats.

“The majority of security leaders understand that these external internet threats imperil business continuity,” said Larry Ponemon, president of the Ponemon Research Institute. “The study highlights a gap in defenses against threats that have proven to be extremely effective for cyber criminals and costly for enterprises.”

Security leaders agreed that monitoring the internet and social media is critical to gaining intelligence about external threats. Top monitoring priorities include mobile app monitoring (cited by 62 percent of respondents), social engineering and organizational reconnaissance (61 percent of respondents), branded exploits (59 percent of respondents) spear-phishing infrastructure (58 percent of respondents), and executive and high value threats (54 percent of respondents.)